mirai | 0a415b8c371e9fb4752cf335125d88de7defebd777e74c0279128e81bac9b0e5 | Triage

Sharing

General

Target

deb303d2000cc6bcf26d6ca5db39c1c3_JaffaCakes118
Size

77KB
Sample

240913-xj6q6stara
MD5

deb303d2000cc6bcf26d6ca5db39c1c3
SHA1

ff9ae4320d026cfed51c29e35b359c0b4feb0001
SHA256

0a415b8c371e9fb4752cf335125d88de7defebd777e74c0279128e81bac9b0e5
SHA512

1a01c018cb14db17daf9a84d77ebd79d0740e107ec74dfa4eb7eaaa0ff9c4765874931f4f9cd57e60740038716ad2ccdd6ba83d744014f54449b3638d44e8a5d
SSDEEP

1536:tL5KF6+HKF/JRcPguxikd/l8G2D4ht1q0:h5KF6+H+/0guE4o0

Score

10^/10

mirai mirai defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  deb303d2000cc6bcf26d6ca5db39c1c3_JaffaCakes118
- Size
  
  77KB
- MD5
  
  deb303d2000cc6bcf26d6ca5db39c1c3
- SHA1
  
  ff9ae4320d026cfed51c29e35b359c0b4feb0001
- SHA256
  
  0a415b8c371e9fb4752cf335125d88de7defebd777e74c0279128e81bac9b0e5
- SHA512
  
  1a01c018cb14db17daf9a84d77ebd79d0740e107ec74dfa4eb7eaaa0ff9c4765874931f4f9cd57e60740038716ad2ccdd6ba83d744014f54449b3638d44e8a5d
- SSDEEP
  
  1536:tL5KF6+HKF/JRcPguxikd/l8G2D4ht1q0:h5KF6+H+/0guE4o0
Score

9^/10

defense_evasion discovery
- Contacts a large (3518) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery